The Center for Education and Research in Information Assurance and Security (CERIAS)

Saurabh Bagchi - Purdue University

Protecting Today's Enterprise Systems against Zero-day Attacks

Feb 27, 2013

Abstract

To secure today's enterprise computer systems, it is critical to have different intrusion detection sensors (IDS) embedded in them. In spite of that, the complexity of such distributed computer systems makes it difficult to determine the appropriate choice and placement of these detectors. In this talk, we will first describe a method to evaluate the effect a detector configuration has on the accuracy and precision with which the system's security goals can be determined. The method is based on a Bayesian network model, obtained from an attack graph representation of the target system. Using Bayesian inference, we implement a dynamic programming algorithm for determining the optimal detector settings in a large-scale distributed system. We extend this algorithm to work for the common scenario in which the distributed system changes over time (say with the addition of new machines or new users) and the target attacks also change over time. In the final piece of the talk, we describe how to protect the systems when one or more attack steps have not been seen before, i.e., zero-day attacks. In our evaluation, we show the result of applying our technique to real attacks against a production enterprise network.
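The following is an added worked illustration of the idea behind the abstract; it is not code from the talk or from the speaker's group. It models a constructed three-step attack graph (A, B, G, with G the security goal) as a Bayesian network, treats each intrusion detector as a noisy observation of one attack step, and scores a detector placement by the accuracy and precision of the decision "goal compromised" that Bayesian inference would reach from the alerts. All step names, conditional probabilities and detector true/false-positive rates are invented, and inference is done by brute-force enumeration rather than the dynamic-programming algorithm the talk describes.

```python
"""Added example: scoring intrusion-detector placements on a toy attack graph.

Constructed, hypothetical model: attack steps A -> B -> G, where G is the
security goal. Each detector watches one step and fires with probability
`tp` when that step occurred and `fp` when it did not.
"""
import itertools

STEPS = ["A", "B", "G"]
PARENTS = {"A": [], "B": ["A"], "G": ["B"]}
# P(step = 1 | parent values); values are constructed for illustration only.
P_STEP = {
    "A": {(): 0.3},
    "B": {(0,): 0.02, (1,): 0.7},
    "G": {(0,): 0.01, (1,): 0.8},
}


def p_step(step, world):
    """Probability of the step's value in `world`, given its parents' values."""
    p1 = P_STEP[step][tuple(world[p] for p in PARENTS[step])]
    return p1 if world[step] else 1.0 - p1


def p_alert(det, alert, world):
    """Probability that detector `det` reports `alert` given the true world."""
    p1 = det["tp"] if world[det["step"]] else det["fp"]
    return p1 if alert else 1.0 - p1


def joint(world, alerts, detectors):
    """Joint probability of a full attack-step assignment and an alert vector."""
    p = 1.0
    for s in STEPS:
        p *= p_step(s, world)
    for d, a in zip(detectors, alerts):
        p *= p_alert(d, a, world)
    return p


def worlds():
    """Enumerate every assignment of the hidden attack steps."""
    for vals in itertools.product([0, 1], repeat=len(STEPS)):
        yield dict(zip(STEPS, vals))


def posterior_goal(alerts, detectors):
    """P(G = 1 | alerts), computed by summing out the hidden attack steps."""
    num = den = 0.0
    for w in worlds():
        p = joint(w, alerts, detectors)
        den += p
        if w["G"]:
            num += p
    return num / den if den else 0.0


def evaluate(detectors, threshold=0.5):
    """Accuracy and precision of deciding 'goal compromised' when
    P(G | alerts) > threshold, averaged over all (world, alert) pairs
    weighted by their joint probability."""
    tp = fp = tn = fn = 0.0
    for alerts in itertools.product([0, 1], repeat=len(detectors)):
        decide = posterior_goal(alerts, detectors) > threshold
        for w in worlds():
            p = joint(w, alerts, detectors)
            if decide and w["G"]:
                tp += p
            elif decide:
                fp += p
            elif w["G"]:
                fn += p
            else:
                tn += p
    accuracy = tp + tn
    precision = tp / (tp + fp) if tp + fp else 0.0
    return accuracy, precision


def rank_placements(candidates):
    """candidates: {name: [detector, ...]}. Returns (name, accuracy, precision)
    rows sorted by accuracy, best first."""
    rows = [(name, *evaluate(dets)) for name, dets in candidates.items()]
    return sorted(rows, key=lambda r: r[1], reverse=True)


if __name__ == "__main__":
    noisy = {"tp": 0.9, "fp": 0.05}
    placements = {
        "none": [],
        "on_A": [dict(step="A", **noisy)],
        "on_G": [dict(step="G", **noisy)],
        "on_A_and_G": [dict(step="A", **noisy), dict(step="G", **noisy)],
    }
    for name, acc, prec in rank_placements(placements):
        print(f"{name:12s} accuracy={acc:.4f} precision={prec:.4f}")
```

Running the block shows why placement matters: the same noisy sensor placed on the goal step G gives a much better accuracy and precision than one placed on the entry step A, whose accuracy barely beats the "never alert" baseline set by the prior P(G). Enumeration is exponential in the number of steps, which is exactly why a real system needs the structured (dynamic-programming) inference the talk describes.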

About the Speaker

Saurabh Bagchi is an Associate Professor in the School of Electrical and Computer Engineering and the Department of Computer Science at Purdue University in West Lafayette, Indiana. He is a senior member of IEEE and ACM, an IMPACT faculty fellow at Purdue University and the Assistant Director of the CERIAS security center at Purdue. He received the MS and PhD degrees from the University of Illinois, Urbana-Champaign, in 1998 and 2001, respectively. At Purdue, he leads the Dependable Computing Systems Laboratory (DCSL), where he and a set of wildly enthusiastic students try to make and break distributed systems for the good of the world.
